Abstract
Existing DGA detection methods do not take word-based DGAs into account, which renders them ineffective against this class of algorithm. In this paper, a detection method for word-based DGAs is proposed. First, word-based DGA methods are analyzed with respect to three types of features: word features, part-of-speech features and word correlation features. Then 16 features are derived from this analysis, and two typical word-based DGAs, Matsnu and Suppobox, are chosen as test objects. Finally, a random forest classifier is used for detection. Comparative experimental results show that the proposed method performs better than the existing ones.
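The following Python sketch is an added example, not code from the paper: it segments a domain label into dictionary words and computes a few word-level features next to character entropy, to show what kind of signal a word-based detector feeds its classifier. The word list, the sample domains and the five features are constructed assumptions and are not the paper's 16 features.

```python
import math
from collections import Counter

# Constructed mini-dictionary (assumption); a real detector loads a full word list.
WORDS = {"table", "sister", "garden", "window", "people", "letter", "doctor",
         "market", "school", "winter", "answer", "picture", "mother", "stranger"}
MAX_WORD_LEN = max(len(w) for w in WORDS)

def segment(label):
    """Split label into the fewest dictionary words (dynamic programming).
    Returns the word list, or None if the label cannot be fully covered."""
    best = [None] * (len(label) + 1)
    best[0] = []
    for end in range(1, len(label) + 1):
        for start in range(max(0, end - MAX_WORD_LEN), end):
            piece = label[start:end]
            if best[start] is not None and piece in WORDS:
                cand = best[start] + [piece]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[len(label)]

def char_entropy(label):
    """Shannon entropy of the character distribution, in bits."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def features(domain):
    """Illustrative feature vector for the leftmost label of a domain
    (assumes the input is a registered domain without subdomains)."""
    label = domain.split(".")[0].lower()
    if not label:  # edge case: empty label, nothing to measure
        return {"length": 0, "entropy": 0.0, "word_count": 0,
                "word_coverage": 0.0, "mean_word_len": 0.0}
    words = segment(label) or []
    covered = sum(len(w) for w in words)
    return {
        "length": len(label),
        "entropy": char_entropy(label),
        "word_count": len(words),
        "word_coverage": covered / len(label),
        "mean_word_len": covered / len(words) if words else 0.0,
    }

if __name__ == "__main__":
    # Constructed samples: one word-concatenation label, one random-character label.
    for d in ("sisterwindow.net", "xkqzjvwpfhtb.com"):
        print(d, features(d))
```

Word coverage alone does not separate a word-based DGA name from a benign name built from words, which is why such features are passed to a trained classifier rather than thresholded directly.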
Acknowledgment
This work was supported by the National Natural Science Foundation of China (Grant nos. 61702235, 61602247, 61472188, and U1636117), the Natural Science Foundation of Jiangsu Province (Grant nos. BK20160840 and BK20150472), the CCF-VENUSTECH Foundation (Grant no. 2016011), and the Fundamental Research Funds for the Central Universities (30920140121006 and 30915012208).
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Yang, L. et al. (2018). A Novel Detection Method for Word-Based DGA. In: Sun, X., Pan, Z., Bertino, E. (eds) Cloud Computing and Security. ICCCS 2018. Lecture Notes in Computer Science, vol 11064. Springer, Cham. https://doi.org/10.1007/978-3-030-00009-7_43
DOI: https://doi.org/10.1007/978-3-030-00009-7_43
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00008-0
Online ISBN: 978-3-030-00009-7
eBook Packages: Computer Science, Computer Science (R0)